DarkSword, a potent hacking toolkit, has leaked online, putting millions of iPhones and iPads at risk. Security researchers found that exploits once exclusive to government spies and cybercriminals are now freely available for anyone to download and use. The leak appeared on GitHub, making these dangerous tools alarmingly accessible.
The toolkit targets Apple devices running outdated iOS versions, with confirmed exploits for iOS 18.4 and 18.7. Devices not updated to the latest software risk having sensitive data-like messages, browser history, location, and even cryptocurrency-stolen. This threat is real: researchers have already demonstrated successful attacks on vulnerable devices using the leaked code.
Why this matters for Apple users
For everyday iPhone and iPad users, this leak is a serious warning. The attack method is shockingly simple: just visiting a compromised website can give hackers control over your device and access to your private data. With the code now public, launching these attacks is easier than ever. Security experts urge users to update their devices immediately to stay safe.
Apple confirms that users running the latest versions from iOS 15 through iOS 26 are protected. Yet, nearly one in three iPhone and iPad owners still use outdated software, according to Apple’s own data. That means hundreds of millions of devices remain vulnerable to DarkSword’s exploits.
How DarkSword and Coruna work
DarkSword and its counterpart Coruna are sophisticated exploit kits designed to break into Apple devices and steal sensitive information. The attacks are indiscriminate-anyone visiting a site hosting the malicious code risks infection. Once compromised, attackers gain near-total control, uploading stolen data to hacker-controlled servers.
Coruna’s exploits have a complicated history. Some were originally developed by Trenchant, a unit within U.S. defense contractor L3Harris, before ending up in the hands of Russian and Chinese threat actors. DarkSword’s origins are less clear, but researchers have tracked its use in countries including China, Malaysia, Turkey, Saudi Arabia, and Ukraine.
How the leak happened
The DarkSword code surfaced on GitHub, written in HTML and JavaScript. This makes it easy for anyone with basic web skills to set up their own attack site. GitHub has not removed the code, citing its value for security research, though it warns that posting content supporting active malware campaigns violates its policies. Security researchers have already tested the leaked tools by hacking their own devices running vulnerable iOS versions.
What you should do now
If your iPhone or iPad isn’t running the latest software, update immediately. Security firm iVerify recommends upgrading to iOS 18.7.6 or iOS 26.3.1 to patch the vulnerabilities exploited by DarkSword. Apple users who stay current are protected, but those behind on updates are easy targets for opportunistic hackers.
The bottom line
- Update your iPhone or iPad to the latest iOS version without delay.
- Be cautious of suspicious links and websites, especially if your device isn’t updated.
- The leaked DarkSword toolkit makes attacks easier and more widespread than ever before.